General

  • Target

    34a5fcc5e5d4d4f96c8352bbf9f0a2947a9a321b7156740eff4fbfa9277b5c31N

  • Size

    696KB

  • Sample

    241110-bwvnsawfqj

  • MD5

    ccfc0b8fcfc903b655dc0211e1aed880

  • SHA1

    4179686b6f38115bdb4a7a70b06d75bb16bafef3

  • SHA256

    34a5fcc5e5d4d4f96c8352bbf9f0a2947a9a321b7156740eff4fbfa9277b5c31

  • SHA512

    d5e69961150e81e64a6aa4733465f7627df1571afcde21037ad5278499a395a702f3d183279c283bb10a11ae031a7ea14e34510631370dcdf238615242f1d576

  • SSDEEP

    12288:Oy90PKKexzrE1IjmQ/zwf6ZPP3mWBhdFD2iUm7I5FI8BjmUPsot8Pxb:OysleRrEEmgEU3mWvdNF5mLNbBt8h

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks